[secdir] Re: [Last-Call] Secdir last call review of draft-ietf-asdf-sdf-18

"Smith, Ned" <ned.smith@intel.com> Tue, 28 May 2024 18:25 UTC

From: "Smith, Ned" <ned.smith@intel.com>
To: Carsten Bormann <cabo@tzi.org>, Magnus Nyström <magnusn@gmail.com>
Date: Tue, 28 May 2024 18:25:09 +0000
CC: "secdir@ietf.org" <secdir@ietf.org>, "asdf@ietf.org" <asdf@ietf.org>, "draft-ietf-asdf-sdf.all@ietf.org" <draft-ietf-asdf-sdf.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/qC1naDZQziScHpKsb0ntFinC3aE>

The draft uses provenance without defining it. There is a definition in NIST SP800-53r5:
“The chronology of the origin, development, ownership, location, and changes to a system or system component and associated data”.

It isn’t clear if the I-D authors intended this definition or something else. If this is the intended definition, then the NIST definition doesn’t specifically say “authentication”, “integrity”, or (attestation) “appraisal”. But if the authors intended these properties, they could have used those words directly rather than “provenance”. If they intended the NIST definition of provenance, they could cite the NIST document.

-Ned

From: Carsten Bormann <cabo@tzi.org>
Date: Monday, May 27, 2024 at 22:58
To: Magnus Nyström <magnusn@gmail.com>
Cc: secdir@ietf.org <secdir@ietf.org>, asdf@ietf.org <asdf@ietf.org>, draft-ietf-asdf-sdf.all@ietf.org <draft-ietf-asdf-sdf.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>
Subject: [secdir] Re: [Last-Call] Secdir last call review of draft-ietf-asdf-sdf-18

Hi Magnus,

thank you for this review.
A couple of quick comments to your specific items:

> - The Security Considerations section mentions the possible need for
> confidentiality of an SDF model ("There may be confidentiality requirements on
> SDF models, both on their content and on the fact that a specific model is used
> in a particular Thing or environment"). Couldn't there also be a need for
> integrity/authenticity of a given SDF model? The document is silent on this.

Actually, we use (twice) a much stronger word: provenance.
This combines integrity and authentication with some appraisal (or at least policy) of how the data from the authenticated source can be used.
We are not pointing to a specific mechanism here, as that is likely to be ecosystem specific.
We could, however, explicitly remind the reader that provenance has integrity and authenticity as a prerequisite.
A minimal change in:

https://github.com/ietf-wg-asdf/SDF/pull/157

> - Related to the previous point, was it ever discussed to allow for an integrity
> or authenticity value accompanying or being part of an SDFThing instance?

Given the role of SDF as a hub format, SDF needs to be agnostic to the kinds of integrity protection and authenticity that are used with it.  Embedding a model into an SDFThing instance is certainly one way to provide this information in a way that could make use of protection already available for the Thing in general.  It is more likely, though, that a Thing will provide a reference to its model that is stored somewhere else.  That would be described in a model using an extension such as that proposed in [1] (if it is offered as an affordance from an instance) or possibly [2].  (These are likely to become WG documents after the current rechartering.)

[1]: https://datatracker.ietf.org/doc/draft-bormann-asdf-sdftype-link/
[2]: https://datatracker.ietf.org/doc/draft-laari-asdf-relations/

Grüße, Carsten
